
Cloud security daily 220623: an arbitrary code execution vulnerability has been found in Red Hat's PostgreSQL database management system; upgrade as soon as possible

2022-06-23 18:50:00 TechWeb

On June 22, Red Hat released a security update that fixes an arbitrary code execution vulnerability found in the PostgreSQL relational database management system. Here are the details of the vulnerability:

Vulnerability Details

Source: https://access.redhat.com/errata/RHSA-2022:5162

CVE-2022-1552 CVSS score: 8.8, severity: high

A flaw was found in PostgreSQL. When a privileged user maintains another user's objects, the efforts to operate safely are incomplete. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER and pg_amcheck commands activate the relevant protections too late in the process or not at all. This vulnerability allows an attacker who can create non-temporary objects in at least one schema to execute arbitrary SQL functions as superuser.
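
An audit for the precondition described above, as an added example that is not part of the original article or the Red Hat advisory: run in each database, the first query lists non-superuser roles that can create objects in a non-system schema, and the second counts the tables, materialized views and indexes that non-superusers own. It uses only standard PostgreSQL catalogs; treating `pg_`-prefixed names and `information_schema` as system objects is an assumption of this example.

```sql
-- Added example (not from the advisory). Run as a superuser in each database.

-- 1. Non-superuser roles holding CREATE on at least one non-system schema,
--    directly, through role membership, or through PUBLIC.
SELECT r.rolname                              AS role_name,
       n.nspname                              AS schema_name,
       pg_catalog.pg_get_userbyid(n.nspowner) AS schema_owner
FROM pg_catalog.pg_roles r
CROSS JOIN pg_catalog.pg_namespace n
WHERE NOT r.rolsuper
  AND r.rolname NOT LIKE 'pg\_%'           -- assumption: skip predefined roles
  AND n.nspname NOT LIKE 'pg\_%'           -- assumption: skip pg_catalog, pg_toast, pg_temp_*
  AND n.nspname <> 'information_schema'
  AND pg_catalog.has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;

-- 2. Objects owned by non-superusers that the maintenance commands named in
--    the advisory operate on: r = table, m = materialized view, i = index.
SELECT pg_catalog.pg_get_userbyid(c.relowner) AS object_owner,
       n.nspname                              AS schema_name,
       c.relkind                              AS kind,
       count(*)                               AS objects
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
JOIN pg_catalog.pg_roles r     ON r.oid = c.relowner
WHERE NOT r.rolsuper
  AND c.relkind IN ('r', 'm', 'i')
  AND n.nspname NOT LIKE 'pg\_%'
  AND n.nspname <> 'information_schema'
GROUP BY 1, 2, 3
ORDER BY 1, 2, 3;
```

Databases where both queries return rows are the ones where superuser-run maintenance touches objects owned by less-privileged roles, so they are the first to confirm as updated.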

Affected products and versions

Red Hat Enterprise Linux Server 7 x86_64

Red Hat Enterprise Linux Workstation 7 x86_64

Red Hat Enterprise Linux Desktop 7 x86_64

Red Hat Enterprise Linux for IBM z Systems 7 s390x

Red Hat Enterprise Linux for Power, big endian 7 ppc64

Red Hat Enterprise Linux for Scientific Computing 7 x86_64

Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Solution

Red Hat has provided a postgresql update for Red Hat Enterprise Linux 7. If the postgresql service is running, it is restarted automatically after this update is installed.

For more information on how to apply this update, see:

https://access.redhat.com/articles/11258

For more vulnerability information and upgrades, please visit the official website:

https://access.redhat.com/security/security-updates/#/security-advisories
